Vulnerabilities > Sourcefabric

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-41361 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41364 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41366 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41367 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41368 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
network
low complexity
sourcefabric CWE-94
critical
9.8
2024-08-29 CVE-2024-41369 Unspecified vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
network
low complexity
sourcefabric
critical
9.8
2024-01-19 CVE-2024-0714 OS Command Injection vulnerability in Sourcefabric Phoniebox
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0.
network
low complexity
sourcefabric CWE-78
critical
9.8
2022-08-30 CVE-2022-36749 OS Command Injection vulnerability in Sourcefabric Rpi-Jukebox-Rfid 2.3.0
RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php.
network
low complexity
sourcefabric CWE-78
critical
9.8
2020-05-19 CVE-2020-11807 Unrestricted Upload of File with Dangerous Type vulnerability in Sourcefabric Newscoop 4.4.7
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path.
local
low complexity
sourcefabric CWE-434
7.8